Life notes and ideas from a security pro who lives in the mountains and does a lot of cycling, skiing, dirt biking, writing, coding, and thinking. Twitter @k3strel

Saturday, February 22, 2014

Threat Agent Profile: Irrationals

The
majority of system compromises can be traced to a simple principle – the
benefits, at least in the short to medium term, outweigh the cost. Broadly,
leaving governments aside, benefits can be divided into either financial or
psychological. Money is the root of almost all compromises. The targets these
hackers will go after are pretty simple to predict; roughly, they’ll go after
systems that provide the highest return at the lowest personal risk of
incarceration. Attacks motivated by psychology are more difficult. Most of the
psych hacks are web site defacements and limited to simple exploits – more in
the vandal category we reviewed. Within the psychology category is a subset
that is irrational; system compromises that really can’t be explained or
predicted, that stand against reason. What systems they will go after and how much
resource they’ll dedicate in doing so is anyone’s guess. Here is one:

During a yearlong period
beginning March 2001, Gary McKinnon, a British citizen, compromised scores of
sensitive U.S. government and military systems, including systems at the
Pentagon, Fort Benning, Fort Meade, the Earle Naval Weapons Station; and the
Johnson Space Center.In responding to
journalists regarding the case, the U.S. Attorney heading up the prosecution,
Paul McNulty said, “Mr. McKinnon is charged with the biggest military hack of
all time.”[1] And what was Gary’s stated motive? It was to discover evidence of a UFO
cover-up.[2]

The
‘irrationals’ represent a very small portion of the system hacks, but they are
out there and they are very bothersome. Perhaps the people that scare us the
most are the ones that we can’t explain.